package com.kma.ncpractice2013.auth;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.io.PrintWriter;

/**
 * User: Viktor
 * Date: 10/13/13
 */
public class AccessFilter implements Filter
{
    public void destroy()
    {
    }

    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException
    {

        HttpServletRequest request = (HttpServletRequest) req;

        PrintWriter out = resp.getWriter();
        HttpSession s = request.getSession(false);

        if ((request.getServletPath().contains("/manager")) || (request.getServletPath().contains("/reports")))
        {


            if (s!=null)
            {
                String isLoggedin = (String)s.getAttribute("auth");
                String auth_level = (String)s.getAttribute("access_level");
                if(isLoggedin!=null && isLoggedin.equals("true") && auth_level.equals("2"))
                {

                    chain.doFilter(req, resp);
                }
                else
                {
                    out.print("(filter message) you're not on the list ");
                }

            }
        }



        else chain.doFilter(req, resp);

    }

    public void init(FilterConfig config) throws ServletException
    {

    }

}
